
Re: Monitoring events



Ideally, I would like to only capture (or parse) events pertaining to
rules I have created (since other system processes are using auditd as
well).  Is there any kind of identifier that ties events to rules?

Which kernel are you using? Are your events only watches or do you care about syscall auditing as well (meaning you have set some syscall audit rules)?

kernel-2.6.16-1.2212.2.8_FC6.lspp.34.i686 on Fedora Core 5

At the moment they are only watches, I may add others (syscall rules) later.

Thanks again,
Steve

